£245.3 million worth of fines have been dished out by regulators under Europe’s tough data protection laws, according to research by DLA Piper.
According to the law firm’s annual fines and data breach report, Italy has had to pay €69.3 million (£62.4 million) in fines since General Data Protection Regulation (GDPR) was established in 2018, topping the rankings for Europe.
Italy was closely followed by Germany (€69.1 million) and France (€54.4 million.)
The research found that there have been over 281,000 data breach notifications since 2018, Germany (77,747), The Netherlands (66,527) and the UK (30,536) saw the highest number of data breaches notified to regulators.
While France and Italy, countries with populations over 67 million and 62 million people respectively, only recorded 5389 and 3460 data breach notifications for the same period.
DLA Piper attributes this to “cultural differences in approach to breach notification.”
The report also discovered that the aggregate daily rate of breach notifications in Europe experienced double digit growth for the second year running with 331 notifications per day since 28 January 2020.
This represents a 19 per cent increase compared to 278 breach notifications per day for the previous year.
The highest GDPR fine to date remains the €50 million fine (£45 million) imposed by the French data protection regulator on Google, for alleged infringements of the transparency principle and lack of valid consent.
Following two high profile data breaches, the UK Information Commissioner’s Office (ICO) published two notices of intent to impose fines in July 2019 totalling £282 million.
But a significant climbdown by the ICO meant that the final fines imposed in October 2020 were greatly reduced to £20 million and £18.4 million.
According to the study Denmark saw the most breaches per 100,000 people, at 155.6, closely followed by The Netherlands at 150.
Ireland is in third place with 127.8 reported breaches per 100,000 people.
Greece, Italy and Croatia reported the fewest number of breaches per capita since 28 January 2020.
GOOD NEWS, the EU GDPR is an EU Regulation and it no longer applies to the UK. However, if you operate inside the UK, you will need to comply with UK data protection law.
Are you up-to date with these and the Web? No….
Contact us for help.